As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemensβ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
This updated advisory is a follow-up to the original advisory titled ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products (Update A) that was published November 10th, 2022 on the ICS webpage on cisa.gov/ICS.
Successful exploitation of this vulnerability could allow low privileged attackers to escalate privileges.
The following types and versions of SCALANCE and RUGGEDCOM devices are affected:
--------- Begin Update B part 1 of 1 ---------
-****-------- End Update B part 1 of 1 ---------
SCALANCE SC622-2C (6GK5622-2GS00- 2AC2): All versions
SCALANCE SC632-2C (6GK5632-2GS00- 2AC2): All versions
SCALANCE SC636-2C (6GK5636-2GS00- 2AC2): All versions
SCALANCE SC642-2C (6GK5642-2GS00- 2AC2): All versions
SCALANCE SC646-2C (6GK5646-2GS00- 2AC2): All versions
SCALANCE W721-1 RJ45 (6GK5721-1FC00- 0AA0): All versions
SCALANCE W721-1 RJ45 (6GK5721-1FC00- 0AB0): All versions
SCALANCE W722-1 RJ45 (6GK5722-1FC00- 0AA0): All versions
SCALANCE W722-1 RJ45 (6GK5722-1FC00- 0AB0): All versions
SCALANCE W722-1 RJ45 (6GK5722-1FC00- 0AC0): All versions
SCALANCE W734-1 RJ45 (6GK5734-1FX00- 0AA0): All versions
SCALANCE W734-1 RJ45 (6GK5734-1FX00- 0AA6): All versions
SCALANCE W734-1 RJ45 (6GK5734-1FX00- 0AB0): All versions
SCALANCE W734-1 RJ45 (USA) (6GK5734- 1FX00-0AB6): All versions
SCALANCE W738-1 M12 (6GK5738-1GY00- 0AA0): All versions
SCALANCE W738-1 M12 (6GK5738-1GY00- 0AB0): All versions
SCALANCE W748-1 M12 (6GK5748-1GD00- 0AA0): All versions
SCALANCE W748-1 M12 (6GK5748-1GD00- 0AB0): All versions
SCALANCE W748-1 RJ45 (6GK5748-1FC00- 0AA0): All versions
SCALANCE W748-1 RJ45 (6GK5748-1FC00- 0AB0): All versions
SCALANCE W761-1 RJ45 (6GK5761-1FC00- 0AA0): All versions
SCALANCE W761-1 RJ45 (6GK5761-1FC00- 0AB0): All versions
SCALANCE W774-1 M12 EEC (6GK5774-1FY00- 0TA0): All versions
SCALANCE W774-1 M12 EEC (6GK5774-1FY00- 0TB0): All versions
SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AA0): All versions
SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AA6): All versions
SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AB0): All versions
SCALANCE W774-1 RJ45 (6GK5774-1FX00- 0AC0): All versions
SCALANCE W774-1 RJ45 (USA) (6GK5774- 1FX00-0AB6): All versions
SCALANCE W778-1 M12 (6GK5778-1GY00- 0AA0): All versions
SCALANCE W778-1 M12 (6GK5778-1GY00- 0AB0): All versions
SCALANCE W778-1 M12 EEC (6GK5778- 1GY00-0TA0): All versions
SCALANCE W778-1 M12 EEC (USA) (6GK5778- 1GY00-0TB0): All versions
SCALANCE W786-1 RJ45 (6GK5786-1FC00- 0AA0): All versions
SCALANCE W786-1 RJ45 (6GK5786-1FC00- 0AB0): All versions
SCALANCE W786-2 RJ45 (6GK5786-2FC00- 0AA0): All versions
SCALANCE W786-2 RJ45 (6GK5786-2FC00- 0AB0): All versions
SCALANCE W786-2 RJ45 (6GK5786-2FC00- 0AC0): All versions
SCALANCE W786-2 SFP (6GK5786-2FE00- 0AA0): All versions
SCALANCE W786-2 SFP (6GK5786-2FE00- 0AB0): All versions
SCALANCE W786-2IA RJ45 (6GK5786-2HC00- 0AA0): All versions
SCALANCE W786-2IA RJ45 (6GK5786-2HC00- 0AB0): All versions
SCALANCE W788-1 M12 (6GK5788-1GD00- 0AA0): All versions
SCALANCE W788-1 M12 (6GK5788-1GD00- 0AB0): All versions
SCALANCE W788-1 RJ45 (6GK5788-1FC00- 0AA0): All versions
SCALANCE W788-1 RJ45 (6GK5788-1FC00- 0AB0): All versions
SCALANCE W788-2 M12 (6GK5788-2GD00- 0AA0): All versions
SCALANCE W788-2 M12 (6GK5788-2GD00- 0AB0): All versions
SCALANCE W788-2 M12 EEC (6GK5788- 2GD00-0TA0): All versions
SCALANCE W788-2 M12 EEC (6GK5788- 2GD00-0TB0): All versions
SCALANCE W788-2 M12 EEC (6GK5788- 2GD00-0TC0): All versions
SCALANCE W788-2 RJ45 (6GK5788-2FC00- 0AA0): All versions
SCALANCE W788-2 RJ45 (6GK5788-2FC00- 0AB0): All versions
SCALANCE W788-2 RJ45 (6GK5788-2FC00- 0AC0): All versions
SCALANCE W1748-1 M12 (6GK5748-1GY01- 0AA0): All versions
SCALANCE W1748-1 M12 (6GK5748-1GY01- 0TA0): All versions
SCALANCE W1788-1 M12 (6GK5788-1GY01- 0AA0): All versions
SCALANCE W1788-2 EEC M12 (6GK5788- 2GY01-0TA0): All versions
SCALANCE W1788-2 M12 (6GK5788-2GY01- 0AA0): All versions
SCALANCE W1788-2IA M12 (6GK5788-2HY01- 0AA0): All versions
SCALANCE WAM763-1 (6GK5763-1AL00- 7DA0): All versions
SCALANCE WAM766-1 (6GK5766-1GE00- 7DA0): All versions
SCALANCE WAM766-1 (6GK5766-1GE00- 7DB0): All versions
SCALANCE WAM766-1 6GHz (6GK5766-1JE00- 7DA0): All versions
SCALANCE WAM766-1 EEC (6GK5766-1GE00- 7TA0): All versions
SCALANCE WAM766-1 EEC (6GK5766-1GE00- 7TB0): All versions
SCALANCE WAM766-1 EEC 6GHz (6GK5766- 1JE00-7TA0): All versions
SCALANCE WUM763-1 (6GK5763-1AL00- 3AA0): All versions
SCALANCE WUM763-1 (6GK5763-1AL00- 3DA0): All versions
SCALANCE WUM766-1 (6GK5766-1GE00- 3DA0): All versions
SCALANCE WUM766-1 (6GK5766-1GE00- 3DB0): All versions
SCALANCE WUM766-1 6GHz (6GK5766-1JE00- 3DA0): All versions
SCALANCE XB205-3 (SC, PN) (6GK5205- 3BB00-2AB2): All versions
SCALANCE XB205-3 (ST, E/IP) (6GK5205- 3BB00-2TB2): All versions
SCALANCE XB205-3 (ST, E/IP) (6GK5205- 3BD00-2TB2): All versions
SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00- 2AB2): All versions
SCALANCE XB205-3LD (SC, E/IP) (6GK5205- 3BF00-2TB2): All versions
SCALANCE XB205-3LD (SC, PN) (6GK5205- 3BF00-2AB2): All versions
SCALANCE XB208 (E/IP) (6GK5208-0BA00- 2TB2): All versions
SCALANCE XB208 (PN) (6GK5208-0BA00- 2AB2): All versions
SCALANCE XB213-3 (SC, E/IP) (6GK5213- 3BD00-2TB2): All versions
SCALANCE XB213-3 (SC, PN) (6GK5213- 3BD00-2AB2): All versions
SCALANCE XB213-3 (ST, E/IP) (6GK5213- 3BB00-2TB2): All versions
SCALANCE XB213-3 (ST, PN) (6GK5213-3BB00- 2AB2): All versions
SCALANCE XB213-3LD (SC, E/IP) (6GK5213- 3BF00-2TB2): All versions
SCALANCE XB213-3LD (SC, PN) (6GK5213- 3BF00-2AB2): All versions
SCALANCE XB216 (E/IP) (6GK5216-0BA00- 2TB2): All versions
SCALANCE XB216 (PN) (6GK5216-0BA00- 2AB2): All versions
SCALANCE XC206-2 (SC) (6GK5206-2BD00- 2AC2): All versions
SCALANCE XC206-2 (ST/BFOC) (6GK5206- 2BB00-2AC2): All versions
SCALANCE XC206-2G PoE (6GK5206-2RS00- 2AC2): All versions
SCALANCE XC206-2G PoE (54 V DC) (6GK5206-2RS00-5AC2): All versions
SCALANCE XC206-2G PoE EEC (54 V DC) (6GK5206-2RS00-5FC2): All versions
SCALANCE XC206-2SFP (6GK5206-2BS00- 2AC2): All versions
SCALANCE XC206-2SFP EEC (6GK5206- 2BS00-2FC2): All versions
SCALANCE XC206-2SFP G (6GK5206-2GS00- 2AC2): All versions
SCALANCE XC206-2SFP G (EIP DEF.) (6GK5206-2GS00-2TC2): All versions
SCALANCE XC206-2SFP G EEC (6GK5206- 2GS00-2FC2): All versions
SCALANCE XC208 (6GK5208-0BA00-2AC2): All versions
SCALANCE XC208EEC (6GK5208-0BA00- 2FC2): All versions
SCALANCE XC208G (6GK5208-0GA00-2AC2): All versions
SCALANCE XC208G (EIP def.) (6GK5208- 0GA00-2TC2): All versions
SCALANCE XC208G EEC (6GK5208-0GA00- 2FC2): All versions
SCALANCE XC208G PoE (6GK5208-0RA00- 2AC2): All versions
SCALANCE XC208G PoE (54 V DC) (6GK5208- 0RA00-5AC2): All versions
SCALANCE XC216 (6GK5216-0BA00-2AC2): All versions
SCALANCE XC216-3G PoE (6GK5216-3RS00- 2AC2): All versions
SCALANCE XC216-3G PoE (54 V DC) (6GK5216-3RS00-5AC2): All versions
SCALANCE XC216-4C (6GK5216-4BS00- 2AC2): All versions
SCALANCE XC216-4C G (6GK5216-4GS00- 2AC2): All versions
SCALANCE XC216-4C G (EIP Def.) (6GK5216- 4GS00-2TC2): All versions
SCALANCE XC216-4C G EEC (6GK5216- 4GS00-2FC2): All versions
SCALANCE XC216EEC (6GK5216-0BA00- 2FC2): All versions
SCALANCE XC224 (6GK5224-0BA00-2AC2): All versions
SCALANCE XC224-4C G (6GK5224-4GS00- 2AC2): All versions
SCALANCE XC224-4C G (EIP Def.) (6GK5224- 4GS00-2TC2): All versions
SCALANCE XC224-4C G EEC (6GK5224- 4GS00-2FC2): All versions
SCALANCE XF204 (6GK5204-0BA00-2GF2): All versions
SCALANCE XF204 DNA (6GK5204-0BA00- 2YF2): All versions
SCALANCE XF204-2BA (6GK5204-2AA00- 2GF2): All versions
SCALANCE XF204-2BA DNA (6GK5204-2AA00- 2YF2): All versions
SCALANCE XM408-4C (6GK5408-4GP00- 2AM2): All versions
SCALANCE XM408-4C (L3 int.) (6GK5408- 4GQ00-2AM2): All versions
SCALANCE XM408-8C (6GK5408-8GS00- 2AM2): All versions
SCALANCE XM408-8C (L3 int.) (6GK5408- 8GR00-2AM2): All versions
SCALANCE XM416-4C (6GK5416-4GS00- 2AM2): All versions
SCALANCE XM416-4C (L3 int.) (6GK5416- 4GR00-2AM2): All versions
SCALANCE XP208 (6GK5208-0HA00-2AS6): All versions
SCALANCE XP208 (Ethernet/IP) (6GK5208- 0HA00-2TS6): All versions
SCALANCE XP208EEC (6GK5208-0HA00- 2ES6): All versions
SCALANCE XP208PoE EEC (6GK5208-0UA00- 5ES6): All versions
SCALANCE XP216 (6GK5216-0HA00-2AS6): All versions
SCALANCE XP216 (Ethernet/IP) (6GK5216- 0HA00-2TS6): All versions
SCALANCE XP216EEC (6GK5216-0HA00- 2ES6): All versions
SCALANCE XP216POE EEC (6GK5216-0UA00- 5ES6): All versions
SCALANCE XR324WG (24 x FE, AC 230V) (6GK5324-0BA00-3AR3): All versions
SCALANCE XR324WG (24 X FE, DC 24V) (6GK5324-0BA00-2AR3): All versions
SCALANCE XR326-2C PoE WG (6GK5326- 2QS00-3AR3): All versions
SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3): All versions
SCALANCE XR328-4C WG (24xFE,4xGE, AC230V) (6GK5328-4FS00- 3AR3): All versions
SCALANCE XR328-4C WG (24xFE,4xGE, AC230V) (6GK5328-4FS00- 3RR3): All versions
SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (6GK5328-4FS00-2AR3): All versions
SCALANCE XR328-4C WG (24xFE, 4xGE, DC24V) (6GK5328-4FS00-2RR3): All versions
SCALANCE XR328-4C WG (28xGE, AC 230V) (6GK5328-4SS00-3AR3): All versions
SCALANCE XR328-4C WG (28xGE, DC 24V) (6GK5328-4SS00-2AR3): All versions
SCALANCE XR524-8C, 1x230V (6GK5524- 8GS00-3AR2): All versions
SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2): All versions
SCALANCE XR524-8C, 2x230V (6GK5524- 8GS00-4AR2): All versions
SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2): All versions
SCALANCE XR524-8C, 24V (6GK5524-8GS00- 2AR2): All versions
SCALANCE XR524-8C, 24V (L3 int.) (6GK5524- 8GR00-2AR2): All versions
SCALANCE XR526-8C, 1x230V (6GK5526- 8GS00-3AR2): All versions
SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2): All versions
SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2): All versions
SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2): All versions
SCALANCE XR526-8C, 24V (6GK5526-8GS00- 2AR2): All versions
SCALANCE XR526-8C, 24V (L3 int.) (6GK5526- 8GR00-2AR2): All versions
SCALANCE XR528-6M (6GK5528-0AA00- 2AR2): All versions
SCALANCE XR528-6M (2HR2) (6GK5528- 0AA00-2HR2): All versions
SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2): All versions
SCALANCE XR528-6M (L3 int.) (6GK5528- 0AR00-2AR2): All versions
SCALANCE XR552-12M (6GK5552-0AA00- 2AR2): All versions
SCALANCE XR552-12M (2HR2) (6GK5552- 0AA00-2HR2): All versions
SCALANCE XR552-12M (2HR2) (6GK5552- 0AR00-2HR2): All versions
SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2): All versions
SIPLUS NET SCALANCE XC206-2 (6AG1206- 2BB00-7AC2): All versions
SIPLUS NET SCALANCE XC206-2SFP (6AG1206-2BS00-7AC2): All versions
SIPLUS NET SCALANCE XC208 (6AG1208- 0BA00-7AC2): All versions
SIPLUS NET SCALANCE XC216-4C (6AG1216- 4BS00-7AC2): All versions
Affected Siemens SCALANCE and RUGGEDCOM devices of versions prior to V7.1.2 do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.
CVE-2022-31765 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Martin Grubhofer and Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.
Siemens recommends users apply the following mitigations:
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemensβ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information, see SSA-552702 in HTML or CSAF formats.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31765
cert-portal.siemens.com/productcert/csaf/ssa-552702.json
cert-portal.siemens.com/productcert/html/ssa-552702.html
cert-portal.siemens.com/productcert/html/ssa-552702.html
cisa.gov/ics
cisa.gov/ics
cwe.mitre.org/data/definitions/862.html
new.siemens.com/global/en/products/services/cert.html#SecurityPublications
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Siemens%20SCALANCE%20and%20RUGGEDCOM%20Products%20%28Update%20B%29+https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-11
us-cert.cisa.gov/ics/Recommended-Practices
us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-11&title=Siemens%20SCALANCE%20and%20RUGGEDCOM%20Products%20%28Update%20B%29
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-11
www.oig.dhs.gov/
www.siemens.com/cert/operational-guidelines-industrial-security
www.siemens.com/industrialsecurity
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-11
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Siemens%20SCALANCE%20and%20RUGGEDCOM%20Products%20%28Update%20B%29&body=www.cisa.gov/news-events/ics-advisories/icsa-22-286-11